[whatwg] Proposal for cross domain security framework

Hi! Thank you for pointing to that document. I quickly scanned trough
it but I have a small problem with the specification: does it require
web servers to check the Origin header? What happens with older web
applications that do not check this header?

Frode


2008/6/23 Anne van Kesteren <annevk at opera.com>:
> On Mon, 23 Jun 2008 09:34:27 +0200, Frode B?rli <frode at seria.no> wrote:
>>
>> [...]
>
> I'd suggest looking into the work the W3C has been doing on this for the
> past two years:
>
>  http://dev.w3.org/2006/webapi/XMLHttpRequest-2/
>  http://dev.w3.org/2006/waf/access-control/
>
>
> --
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>
>



-- 
Best regards / Med vennlig hilsen
Frode B?rli
Seria.no

Mobile:
+47 406 16 637
Company:
+47 216 90 000
Fax:
+47 216 91 000


Think about the environment. Do not print this e-mail unless you really need to.

Tenk milj?. Ikke skriv ut denne e-posten dersom det ikke er n?dvendig.

Received on Monday, 23 June 2008 05:18:22 UTC